Senior Software Developer, Application Security

This is a fully remote position, open to applicants in Germany.

📋 Description

• Responsible for both operational and conceptual tasks in the realm of Application Security.

• Establishment of secure software development practices across all projects.

• Conducting security reviews at both code and architecture levels.

• Identification, analysis, and assessment of security risks (e.g., through threat modeling and threat analysis).

• Development and implementation of application-specific security concepts.

• Support in architectural decisions while considering security requirements.

• Vulnerability management: analysis, evaluation (e.g., CVEs), and prioritization of measures.

• Close collaboration with development teams for the sustainable remediation of security gaps.

• Integration of security into CI/CD processes in alignment with DevSecOps (e.g., automated scans, dependency checks).

• Assistance with the secure configuration of cloud and Kubernetes environments (e.g., secrets management, access controls, network security).

• Contribution to the security of containerized applications.

• Participation in the implementation of authentication and authorization concepts as well as API security.

• Consideration of supply chain security, particularly regarding external dependencies and libraries.

• Supervision and evaluation of penetration tests, along with support for findings analysis and prioritization.

• Analysis of attack scenarios and exploitation methods to derive suitable countermeasures.

• Collaboration in defining and advancing security guidelines and best practices.

• Advising development teams on security-relevant topics throughout the entire software lifecycle.

• Support in the analysis and handling of security incidents.

• Contribution to the continuous improvement of security measures and defense strategies.

⛳️ Requirements

• Understanding of common security standards and best practices (e.g., OWASP Top 10, international security standards).

• Basic or advanced experience in conducting security reviews (code and architecture).

• Knowledge in the area of threat modeling and risk analysis (or willingness to acquire these skills).

• Understanding of vulnerability management and handling security advisories/CVEs.

• Experience or interest in DevSecOps and integrating security into CI/CD pipelines.

• Basic knowledge of cloud technologies and/or Kubernetes and their security requirements.

• Knowledge in authentication, authorization, and API security is a plus.

• Initial experience with penetration testing or a fundamental understanding of attack methods.

• Analytical thinking and a structured approach to security issues.

• Strong communication skills and the ability to collaborate with development teams.

• Excellent German language skills and good English proficiency.

• For junior profiles: high willingness to learn and interest in advancing in the field of application security.

• For experienced profiles: ability to strategically advance security and take on responsibility.

🏝️ Benefits

• Flexible working hours in a flextime model and full remote / occasional in-office presence.

• 30 days of vacation per year.

• Free access to the LinkedIn Learning platform.

• Individual training opportunities and regular feedback discussions.

• Company pension plan.

• Fitness area and lounge with foosball and gaming console in the office.

• Team events and company celebrations.

• Complimentary cold & hot beverages.